Changeset 275


Timestamp:
Mar 10, 2010, 9:24:17 PM (15 years ago)
Author:
katerina
Message:

Fix for ticket #195 (broken immediate mailing of highest priority messages).

Location:
trunk
Files:
11 edited

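--- a/trunk/Makefile.in
+++ b/trunk/Makefile.in
@@ -160,5 +160,5 @@
         $(srcsrc)/sh_pthread.c $(srcsrc)/sh_string.c \
         $(srcsrc)/sh_log_parse_syslog.c $(srcsrc)/sh_log_parse_pacct.c \
-        $(srcsrc)/sh_log_parse_samba.c \
+        $(srcsrc)/sh_log_parse_samba.c $(srcsrc)/sh_log_parse_generic.c \
         $(srcsrc)/sh_log_parse_apache.c $(srcsrc)/sh_log_evalrule.c \
         $(srcsrc)/sh_log_correlate.c $(srcsrc)/sh_log_mark.c \
@@ -181,4 +181,5 @@
         sh_log_parse_syslog.o sh_log_parse_pacct.o sh_log_parse_apache.o \
         sh_log_parse_samba.o sh_log_evalrule.o sh_log_check.o \
+        sh_log_parse_generic.o \
         sh_log_correlate.o sh_log_mark.o sh_log_repeat.o \
         sh_pthread.o sh_string.o sh_inotify.o dnmalloc.o
@@ -1733,5 +1734,5 @@
 sh_log_parse_apache.o: $(srcsrc)/sh_log_parse_apache.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h
 sh_log_evalrule.o: $(srcsrc)/sh_log_evalrule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/zAVLTree.h
-sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/sh_modules.h
+sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h
 sh_log_parse_samba.o: $(srcsrc)/sh_log_parse_samba.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h
 sh_nmail.o: $(srcsrc)/sh_nmail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_string.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/zAVLTree.h
@@ -1741,2 +1742,3 @@
 sh_log_mark.o: $(srcsrc)/sh_log_mark.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_string.h $(srcinc)/sh_error_min.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/zAVLTree.h
 sh_log_repeat.o: $(srcsrc)/sh_log_repeat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h
+sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h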
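--- a/trunk/configure.ac
+++ b/trunk/configure.ac
@@ -12,5 +12,5 @@
 dnl start
 dnl
-AM_INIT_AUTOMAKE(samhain, 2.6.2)
+AM_INIT_AUTOMAKE(samhain, 2.6.3)
 AC_DEFINE([SAMHAIN], 1, [Application is samhain])
 AC_CANONICAL_HOST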
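--- a/trunk/depend.dep
+++ b/trunk/depend.dep
@@ -73,5 +73,5 @@
 sh_log_parse_apache.o: $(srcsrc)/sh_log_parse_apache.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h
 sh_log_evalrule.o: $(srcsrc)/sh_log_evalrule.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/zAVLTree.h
-sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/sh_modules.h
+sh_log_check.o: $(srcsrc)/sh_log_check.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_unix.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/sh_log_correlate.h $(srcinc)/sh_log_mark.h $(srcinc)/sh_log_repeat.h $(srcinc)/sh_extern.h $(srcinc)/sh_modules.h
 sh_log_parse_samba.o: $(srcsrc)/sh_log_parse_samba.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h
 sh_nmail.o: $(srcsrc)/sh_nmail.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_mail.h $(srcinc)/sh_tiger.h $(srcinc)/sh_string.h $(srcinc)/sh_utils.h $(srcinc)/sh_fifo.h $(srcinc)/sh_filter.h $(srcinc)/sh_mail_int.h $(srcinc)/zAVLTree.h
@@ -81,2 +81,3 @@
 sh_log_mark.o: $(srcsrc)/sh_log_mark.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_mem.h $(srcinc)/sh_string.h $(srcinc)/sh_error_min.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h $(srcinc)/zAVLTree.h
 sh_log_repeat.o: $(srcsrc)/sh_log_repeat.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_pthread.h $(srcinc)/sh_utils.h $(srcinc)/sh_string.h $(srcinc)/sh_log_check.h $(srcinc)/sh_log_evalrule.h
+sh_log_parse_generic.o: $(srcsrc)/sh_log_parse_generic.c Makefile config_xor.h $(srcinc)/samhain.h $(srcinc)/sh_log_check.h $(srcinc)/sh_string.h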
  • trunk/depend.sum

    r269 r275  
    1 2302754398
     1315325077
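--- a/trunk/docs/Changelog
+++ b/trunk/docs/Changelog
@@ -1,2 +1,7 @@
+2.6.3:
+        * Fix bug in mail module, recipients incorrectly flagged
+          as aliases, which breaks immediate mail for 'alert'
+          (reported by Jesse)
+       
 2.6.2:
         * Makefile.in: fix problem in deploy system caused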
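--- a/trunk/include/sh_extern.h
+++ b/trunk/include/sh_extern.h
@@ -35,4 +35,10 @@
  */
 int sh_ext_popen (sh_tas_t * task);
+
+/*
+ * -- generic simple safe popen; returns 0 on success, -1 otherwise,
+ *    executes shell command
+ */
+int sh_ext_popen_init (sh_tas_t * task, char * command);
 
 /*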
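Review bot: The new comment on `sh_ext_popen_init` promises "-1 otherwise", but the body added in `sh_extern.c` returns the status of `sh_ext_popen` unchanged, so the documented contract holds only if that function never returns any other non-zero value. "Safe" is also left undefined: judging from the implementation it covers a fixed SHELL, PATH and IFS environment, while `command` itself is passed to `/bin/sh -c` and interpreted by the shell. I would reword the comment along the lines of `/* popen via /bin/sh -c with a fixed environment; command is shell-interpreted, pass trusted strings only; returns 0 on success, non-zero on failure */`.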
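--- a/trunk/include/sh_log_check.h
+++ b/trunk/include/sh_log_check.h
@@ -26,4 +26,5 @@
 #define SH_LOGFILE_REWIND (1<<1)
 #define SH_LOGFILE_PIPE   (1<<2)
+#define SH_LOGFILE_NOFILE (1<<3)
 
 struct sh_logfile
@@ -52,4 +52,14 @@
 };
 
+/* Generic callback function to parse fileinfo.
+ */
+void * sh_eval_fileinfo_generic(char * str);
+
+/* Generic parser info.
+ */
+struct sh_logrecord * sh_parse_generic (sh_string * logline, void * fileinfo);
+
+
 /****************************************************************
  **
@@ -59,4 +69,11 @@
 /* Open file, position at stored offset. */
 int sh_open_for_reader (struct sh_logfile * logfile);
+
+/* Simple line reader for executed shell command   */
+sh_string * sh_command_reader (sh_string * record,
+                               struct sh_logfile * logfile);
+
+/* Wrapper for sh_command_reader */
+sh_string * sh_read_shell (sh_string * record, struct sh_logfile * logfile);
 
 /* Simple line reader.   */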
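Review bot: `SH_LOGFILE_NOFILE` is added without a comment, and its meaning is only discoverable from `sh_log_check.c`, where it suppresses the `stat`, `save_pos` and `sl_fclose` handling and where `logfile->filename` is handed to `sh_ext_popen_init` as a command. A one-line comment such as `/* entry is a shell command, not a path: no stat, no saved offset */` would make that second use of `filename` visible to anyone writing a new reader. The comments "Generic callback function to parse fileinfo" and "Generic parser info" do not say what `str` and `fileinfo` hold or who owns the returned pointer; the body of `struct sh_logfile` lies outside the visible hunks, so it may be documented there.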
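--- a/trunk/src/sh_extern.c
+++ b/trunk/src/sh_extern.c
@@ -809,4 +809,34 @@
 }
 
+int sh_ext_popen_init (sh_tas_t * task, char * command)
+{
+  int status;
+
+  sh_ext_tas_init(task);
+
+  (void) sh_ext_tas_add_envv (task, _("SHELL"),
+                              _("/bin/sh"));
+  (void) sh_ext_tas_add_envv (task, _("PATH"), 
+                              _("/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb"));
+  (void) sh_ext_tas_add_envv (task, _("IFS"), " \n\t");
+  if (sh.timezone != NULL)
+    {
+      (void) sh_ext_tas_add_envv(task,  "TZ", sh.timezone);
+    }
+ 
+  sh_ext_tas_command(task,  _("/bin/sh"));
+
+  (void) sh_ext_tas_add_argv(task,  _("/bin/sh"));
+  (void) sh_ext_tas_add_argv(task,  _("-c"));
+  (void) sh_ext_tas_add_argv(task,  command);
+ 
+  task->rw = 'r';
+  task->fork_twice = S_FALSE;
+
+  status = sh_ext_popen(task);
+
+  return status;
+}
+
 /* Execute command, return first line of output
  * ifconfig | grep -1 lo | tail -n 1 | sed s/.*inet addr:\([0-9.]*\)\(.*\)/\1/
@@ -822,39 +852,18 @@
   SL_ENTER(_("sh_ext_popen_str"));
 
-  sh_ext_tas_init(&task);
-
-  (void) sh_ext_tas_add_envv (&task, _("SHELL"),
-                              _("/bin/sh"));
-  (void) sh_ext_tas_add_envv (&task, _("PATH"), 
-                              _("/sbin:/bin:/usr/sbin:/usr/bin:/usr/ucb"));
-  (void) sh_ext_tas_add_envv (&task, _("IFS"), " \n\t");
-  if (sh.timezone != NULL)
-    {
-      (void) sh_ext_tas_add_envv(&task,  "TZ", sh.timezone);
-    }
- 
-  sh_ext_tas_command(&task,  _("/bin/sh"));
-
-  (void) sh_ext_tas_add_argv(&task,  _("/bin/sh"));
-  (void) sh_ext_tas_add_argv(&task,  _("-c"));
-  (void) sh_ext_tas_add_argv(&task,  command);
- 
-  task.rw = 'r';
-  task.fork_twice = S_FALSE;
-
-  status = sh_ext_popen(&task);
+  status = sh_ext_popen_init (&task, command);
 
   if (status != 0)
     {
       sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
-                      _("Could not open pipe"), _("sh_ext_popen_str"));
+                      _("Could not open pipe"), _("sh_ext_popen_str"));
       SL_RETURN ((NULL), _("sh_ext_popen_str"));
     }
 
-  /* ignore SIGPIPE (instead get EPIPE if connection is closed)
-   */
-  new_act.sa_handler = SIG_IGN;
-  (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act);
-
+   /* ignore SIGPIPE (instead get EPIPE if connection is closed)
+    */
+   new_act.sa_handler = SIG_IGN;
+   (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act);
+   
   /* read from the open pipe
    */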
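Review bot: `sh_ext_popen_init` hands `command` to `/bin/sh -c` without checking it for NULL and discards the result of every `sh_ext_tas_add_envv` / `sh_ext_tas_add_argv` call with `(void)`, so a failed add (if those helpers can fail) would still reach `sh_ext_popen` with an incomplete environment or argument vector. That was tolerable while the code was private to `sh_ext_popen_str`, but the helper is now exported and, in this changeset, fed from the logfile configuration. I would add `if (command == NULL) return -1;` right after `sh_ext_tas_init(task)` and test the return value of the `add_argv(task, command)` call before opening the pipe. The function also has no comment in this file; a short one stating that the string is shell-interpreted and that the caller must close the task with `sh_ext_pclose` would help.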
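--- a/trunk/src/sh_log_check.c
+++ b/trunk/src/sh_log_check.c
@@ -39,4 +39,5 @@
 #include "sh_log_mark.h"
 #include "sh_log_repeat.h"
+#include "sh_extern.h"
 
 /* List of supported logfile types, format is
@@ -57,4 +58,5 @@
     {  "PACCT",  sh_read_pacct,   sh_parse_pacct,  NULL },
 #endif
+    {  "SHELL",  sh_read_shell,   sh_parse_generic,  sh_eval_fileinfo_generic },
 };
 
@@ -237,5 +239,5 @@
     }
 
-  if (splits[1][0] != '/')
+  if (splits[1][0] != '/' && 0 != strcmp(splits[0], _("SHELL")))
     {
       sh_string * msg =  sh_string_new(0);
@@ -258,5 +260,8 @@
 
   thisfile->filename     = filename;
-  thisfile->flags        = SH_LOGFILE_REWIND;
+  if (strcmp(splits[0], _("SHELL")))
+    thisfile->flags        = SH_LOGFILE_NOFILE;
+  else
+    thisfile->flags        = SH_LOGFILE_REWIND;
   thisfile->inode        = 0;
   thisfile->device_id    = 0;
@@ -323,44 +328,47 @@
   /* Try reading saved offset. On success clear rewind flag.
    */
-  if (0 == stat(thisfile->filename, &buf))
-    {
-      if (S_ISREG(buf.st_mode)
+  if ((thisfile->flags & SH_LOGFILE_NOFILE) == 0)
+    {
+      if (0 == stat(thisfile->filename, &buf))
+        {
+          if (S_ISREG(buf.st_mode)
 #ifdef S_ISLNK
-          || S_ISLNK(buf.st_mode)
+              || S_ISLNK(buf.st_mode)
 #endif
-          )
-        {
-          thisfile->inode     = buf.st_ino;
-          thisfile->device_id = buf.st_dev;
+              )
+            {
+              thisfile->inode     = buf.st_ino;
+              thisfile->device_id = buf.st_dev;
+             
+              if (0 != read_pos(thisfile))
+                {
+                  thisfile->flags &= ~SH_LOGFILE_REWIND;
+                }
+            }
+          else if (S_ISFIFO(buf.st_mode))
+            {
+              thisfile->inode      = buf.st_ino;
+              thisfile->device_id  = buf.st_dev;
+              thisfile->flags     |= SH_LOGFILE_PIPE;
+            }
+        }
+      else
+        {
+          sh_string * msg =  sh_string_new(0);
+          sh_string_add_from_char(msg, _("Logfile is not a regular file, link, or named pipe: "));
+          sh_string_add_from_char(msg, splits[1]);
          
-          if (0 != read_pos(thisfile))
-            {
-              thisfile->flags &= ~SH_LOGFILE_REWIND;
-            }
-        }
-      else if (S_ISFIFO(buf.st_mode))
-        {
-          thisfile->inode      = buf.st_ino;
-          thisfile->device_id  = buf.st_dev;
-          thisfile->flags     |= SH_LOGFILE_PIPE;
-        }
-    }
-  else
-    {
-      sh_string * msg =  sh_string_new(0);
-      sh_string_add_from_char(msg, _("Logfile is not a regular file, link, or named pipe: "));
-      sh_string_add_from_char(msg, splits[1]);
-     
-      SH_MUTEX_LOCK(mutex_thread_nolog);
-      sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN,
-                      sh_string_str(msg),
-                      _("sh_add_watch"));
-      SH_MUTEX_UNLOCK(mutex_thread_nolog);
-      sh_string_destroy(&msg);
-     
-      SH_FREE(filename);
-      SH_FREE(thisfile);
-      SH_FREE(new);
-      return -1;
+          SH_MUTEX_LOCK(mutex_thread_nolog);
+          sh_error_handle(SH_ERR_ERR, FIL__, __LINE__, 0, MSG_E_SUBGEN,
+                          sh_string_str(msg),
+                          _("sh_add_watch"));
+          SH_MUTEX_UNLOCK(mutex_thread_nolog);
+          sh_string_destroy(&msg);
+         
+          SH_FREE(filename);
+          SH_FREE(thisfile);
+          SH_FREE(new);
+          return -1;
+        }
     }
 
@@ -380,11 +388,16 @@
       sh_watched_logs = thisfile->next;
 
-      if ((thisfile->flags & SH_LOGFILE_PIPE) == 0)
+      if ((thisfile->flags & SH_LOGFILE_NOFILE) == 0 &&
+          (thisfile->flags & SH_LOGFILE_PIPE) == 0)
         {
           save_pos(thisfile);
         }
 
-      if (thisfile->fp)
-        sl_fclose(FIL__, __LINE__, thisfile->fp);
+      if ((thisfile->flags & SH_LOGFILE_NOFILE) == 0)
+        {
+          if (thisfile->fp)
+            sl_fclose(FIL__, __LINE__, thisfile->fp);
+        }
+
       if (thisfile->filename)
         SH_FREE(thisfile->filename);
@@ -677,5 +690,5 @@
 sh_string * sh_default_reader (sh_string * s, struct sh_logfile * logfile)
 {
-  int         status;
+  volatile int         status;
   char * tmp;
 
@@ -712,4 +725,70 @@
   if (0 != sh_open_for_reader(logfile))
     goto start_read;
+
+  return NULL;
+}
+
+sh_string * sh_command_reader (sh_string * s, struct sh_logfile * logfile)
+{
+  sh_tas_t task;
+  struct  sigaction  new_act;
+  struct  sigaction  old_act;
+
+  volatile int         status;
+  char * tmp;
+
+ start_read:
+
+  if (logfile->fp)
+    {
+      /* ignore SIGPIPE (instead get EPIPE if connection is closed)
+       */
+      new_act.sa_handler = SIG_IGN;
+      (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &new_act, &old_act);
+
+      /* Result cannot be larger than 8192, thus cast is ok
+       */
+      status = (int) sh_string_read(s, logfile->fp, 8192);
+
+      /* restore old signal handler
+       */
+      (void) retry_sigaction (FIL__, __LINE__, SIGPIPE, &old_act, NULL);
+
+      if (status <= 0)
+        {
+          sh_ext_pclose (&task);
+          logfile->fp = NULL;
+          sh_string_destroy(&s);
+
+          if (status == 0)
+            {
+              return NULL;
+            }
+
+          SH_MUTEX_LOCK(mutex_thread_nolog);
+          tmp = sh_util_safe_name (logfile->filename);
+          sh_error_handle((-1), FIL__, __LINE__, 0, MSG_LOGMON_EREAD,
+                          tmp);
+          SH_FREE(tmp);
+          SH_MUTEX_UNLOCK(mutex_thread_nolog);
+
+          return NULL;
+        }
+      return s;
+    }
+
+  status = sh_ext_popen_init (&task, logfile->filename);
+  if (0 == status)
+    {
+      logfile->fp = task.pipe;
+      goto start_read;
+    }
+  else
+    {
+      SH_MUTEX_LOCK(mutex_thread_nolog);
+      sh_error_handle(SH_ERR_ALL, FIL__, __LINE__, status, MSG_E_SUBGEN,
+                      _("Could not open pipe"), _("sh_command reader"));
+      SH_MUTEX_UNLOCK(mutex_thread_nolog);
+    }
 
   return NULL;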
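Review bot: The flag assignment at new lines 262–265 looks inverted: `strcmp` returns non-zero when the type is not "SHELL", so ordinary logfiles get `SH_LOGFILE_NOFILE` (skipping the `stat`, saved-offset and `sl_fclose` paths) while SHELL entries get `SH_LOGFILE_REWIND` and reach `stat(thisfile->filename, &buf)` with a command string. The path check at new line 241 writes "not SHELL" as `0 != strcmp(...)`, so this test should read `if (0 == strcmp(splits[0], _("SHELL")))`; the enclosing function starts outside the visible hunks. Separately, `sh_command_reader` keeps `task` as an uninitialised local, so on any call where `logfile->fp` is already set, `sh_ext_pclose (&task)` at end of input operates on stack contents rather than on the task that opened the pipe; the task needs to be stored with the `sh_logfile` entry. Because the cleanup loop now skips `sl_fclose` for NOFILE entries, a command pipe that is still open when the watch list is torn down also appears never to be closed.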
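--- a/trunk/src/sh_mail.c
+++ b/trunk/src/sh_mail.c
@@ -581,5 +581,5 @@
             ++failcount;
            
-            SL_RETURN((-1), _("sh_mail_msg"));
+            SL_RETURN((-2), _("sh_mail_msg"));
           }
         else
@@ -816,5 +816,5 @@
       {
         rollback_list(fifo_mail);
-        retval = -1;
+        retval = -3;
       }
     else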
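Review bot: The two failure paths now return bare `-2` and `-3` where both previously returned `-1`, and nothing in the visible hunks records what each value means; the only visible consumer, `sh_nmail.c`, tests `retval != 0` and passes the number on to `sh_error_handle`. A comment beside each value, for example `retval = -3; /* send failed, fifo rolled back */` (wording to be confirmed against the surrounding code, which is outside the hunks), or a pair of named constants would let someone reading the resulting log line map the number back to a cause. Any caller that compares the result against `-1` explicitly would now miss these failures, so the remaining call sites are worth a quick search.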
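--- a/trunk/src/sh_nmail.c
+++ b/trunk/src/sh_nmail.c
@@ -108,5 +108,5 @@
 
       SH_MUTEX_LOCK_UNSAFE(mutex_listall);
-      if (0 == check_double(str, all_recipients, S_TRUE))
+      if (0 != check_double(str, all_recipients, S_TRUE))
         {
           new->isAlias    = 1;
@@ -207,5 +207,5 @@
               for (i = 0; i < nfields; ++i) {
                 if (0 == check_double(array[i],  all_recipients, S_TRUE))
-                  nflag = 1;
+                  nflag = 1; /* not in all_recipients --> bad */
               }
 
@@ -406,5 +406,7 @@
                */
               if (flagit && list->isAlias == 0)
-                list->send_mail = 1;
+                {
+                  list->send_mail = 1;
+                }
               list = list->all_next;
             }
@@ -518,4 +520,8 @@
           if (retval != 0)
             {
+              sh_error_handle (SH_ERR_ALL, FIL__, __LINE__,
+                               retval, MSG_E_SUBGEN,
+                               _("could not mail immediately"),
+                               _("sh_nmail_msg") );
               sh_mail_pushstack(level, message, alias);
             }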
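Review bot: The `sh_error_handle (SH_ERR_ALL, ...)` call added at new lines 522–525 reports a mail failure from inside the mail path; if messages of that severity are themselves routed to mail, each failed send could re-enter `sh_nmail_msg`, so it is worth confirming that a recursion guard exists (the rest of the function is outside the hunk). Unlike the `sh_error_handle` calls added to `sh_log_check.c` in this changeset, this one is not wrapped in `SH_MUTEX_LOCK(mutex_thread_nolog)`; whether that lock is needed here depends on the callers, which are not visible. The corrected test at new line 110 is the actual fix and deserves the same kind of comment the second hunk received, e.g. `/* already in all_recipients --> alias */`, since the return convention of `check_double` is easy to misread again.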